authorization

package
v2.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 2, 2025 License: MIT Imports: 30 Imported by: 0

Documentation

Index

Constants

const (
	// DefaultHashVariant and DefaultHashVariantName identify the SHA-256 variant
	// of the influxdb2 token hashing algorithm, as a variant value and as its
	// identifier respectively.
	// NOTE(review): presumably this is the variant applied when none is chosen
	// explicitly (see WithHasherVariant and WithAuthorizationHashVariantName) — confirm.
	// NOTE(review): the AllHashes documentation describes the deterministic
	// hashes as non-salted. If this variant is one of them, it is only a sound
	// choice for high-entropy generated tokens, not for user-chosen secrets —
	// confirm how tokens are generated.
	DefaultHashVariant     = influxdb2_algo.VariantSHA256
	DefaultHashVariantName = influxdb2_algo.VariantIdentifierSHA256

	// HashVariantNameUnknown is the placeholder name used for unknown or unsupported hash variants.
	HashVariantNameUnknown = "N/A"
)
// User-facing messages that stand in for a token: one for a hashed token that
// is redacted, one for the case where no token is available at all.
const (
	// TokenRedactedMessage is the user-facing message used when a hashed token is redacted.
	TokenRedactedMessage = "REDACTED"

	// TokenNotAvailableMessage is the user-facing message used when no token is
	// available, plaintext or hashed. Its text is the same "N/A" string as
	// HashVariantNameUnknown.
	TokenNotAvailableMessage = "N/A"
)
// MaxIDGenerationN is the number of ID generation attempts referred to by
// ErrFailureGeneratingID, which is documented as occurring when the random
// number generator cannot generate an ID within this many tries.
const MaxIDGenerationN = 100
// ReservedIDs is set to 1000.
// NOTE(review): presumably IDs up to this value are reserved and are not
// handed out by ID generation — confirm against the generator.
const ReservedIDs = 1000

Variables

var (
	// ErrInvalidAuthID is used when the Authorization's ID cannot be encoded.
	// It carries the EInvalid error code.
	ErrInvalidAuthID = &errors.Error{
		Code: errors.EInvalid,
		Msg:  "authorization ID is invalid",
	}

	// ErrAuthNotFound is used when the specified auth cannot be found.
	// It carries the ENotFound error code.
	ErrAuthNotFound = &errors.Error{
		Code: errors.ENotFound,
		Msg:  "authorization not found",
	}

	// NotUniqueIDError occurs when attempting to create an Authorization with
	// an ID that already belongs to another one. It carries the EConflict
	// error code. Unlike the other errors in this group, its name does not
	// use the Err prefix.
	NotUniqueIDError = &errors.Error{
		Code: errors.EConflict,
		Msg:  "ID already exists",
	}

	// ErrFailureGeneratingID occurs only when the random number generator
	// cannot generate an ID in MaxIDGenerationN times. It carries the
	// EInternal error code.
	ErrFailureGeneratingID = &errors.Error{
		Code: errors.EInternal,
		Msg:  "unable to generate valid id",
	}

	// ErrTokenAlreadyExistsError is used when attempting to create an authorization
	// with a token that already exists. It carries the EConflict error code.
	ErrTokenAlreadyExistsError = &errors.Error{
		Code: errors.EConflict,
		Msg:  "token already exists",
	}
)
// Sentinel errors for token handling on an authorization. Their messages state
// the condition each one reports: a nil authorization, a HashedToken that does
// not match Token, and an authorization for which no token is available.
var (
	ErrNilAuthorization    = goerrors.New("authorization cannot be nil")
	ErrHashedTokenMismatch = goerrors.New("HashedToken does not match Token")
	ErrNoTokenAvailable    = goerrors.New("no token available for authorization")
)
var (
	// ErrNoDecoders reports that no authorization decoders were specified.
	// NOTE(review): presumably returned by NewAuthorizationHasher when the
	// decoder variant list (see WithDecoderVariants) is empty — confirm.
	ErrNoDecoders = errors.New("no authorization decoders specified")
)
var (
	// ErrReadOnly reports that the authorization store is read-only.
	// NOTE(review): presumably returned by mutating store operations when the
	// store was created with WithReadOnly(true) — confirm.
	ErrReadOnly = goerrors.New("authorization store is read-only")
)

Functions

func ErrInvalidAuthIDError

func ErrInvalidAuthIDError(err error) *errors.Error

ErrInvalidAuthIDError is used when a service was provided an invalid ID.

func NewService

NewService creates a new authorization service with a given Store and TenantService.

func UnexpectedAuthBucketError added in v2.8.0

func UnexpectedAuthBucketError(index []byte, err error) *errors.Error

UnexpectedAuthBucketError is used when the error comes from an internal system.

func VerifyPermissions

func VerifyPermissions(ctx context.Context, ps []influxdb.Permission) error

VerifyPermissions ensures that an authorization is allowed all of the appropriate permissions.

Types

type AuthHandler

type AuthHandler struct {
	chi.Router
	// contains filtered or unexported fields
}

func NewHTTPAuthHandler

func NewHTTPAuthHandler(log *zap.Logger, authService influxdb.AuthorizationService, tenantService TenantService) *AuthHandler

NewHTTPAuthHandler constructs a new http server.

func (*AuthHandler) Prefix

func (h *AuthHandler) Prefix() string

type AuthLogger

type AuthLogger struct {
	// contains filtered or unexported fields
}

func NewAuthLogger

func NewAuthLogger(log *zap.Logger, s influxdb.AuthorizationService) *AuthLogger

NewAuthLogger returns a logging service middleware for the Authorization Service.

func (*AuthLogger) CreateAuthorization

func (l *AuthLogger) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) (err error)

func (*AuthLogger) DeleteAuthorization

func (l *AuthLogger) DeleteAuthorization(ctx context.Context, id platform.ID) (err error)

func (*AuthLogger) FindAuthorizationByID

func (l *AuthLogger) FindAuthorizationByID(ctx context.Context, id platform.ID) (a *influxdb.Authorization, err error)

func (*AuthLogger) FindAuthorizationByToken

func (l *AuthLogger) FindAuthorizationByToken(ctx context.Context, t string) (a *influxdb.Authorization, err error)

func (*AuthLogger) FindAuthorizations

func (l *AuthLogger) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, opt ...influxdb.FindOptions) (as []*influxdb.Authorization, count int, err error)

func (*AuthLogger) UpdateAuthorization

func (l *AuthLogger) UpdateAuthorization(ctx context.Context, id platform.ID, upd *influxdb.AuthorizationUpdate) (a *influxdb.Authorization, err error)

type AuthMetrics

type AuthMetrics struct {
	// contains filtered or unexported fields
}

func (*AuthMetrics) CreateAuthorization

func (m *AuthMetrics) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error

func (*AuthMetrics) DeleteAuthorization

func (m *AuthMetrics) DeleteAuthorization(ctx context.Context, id platform.ID) error

func (*AuthMetrics) FindAuthorizationByID

func (m *AuthMetrics) FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)

func (*AuthMetrics) FindAuthorizationByToken

func (m *AuthMetrics) FindAuthorizationByToken(ctx context.Context, t string) (*influxdb.Authorization, error)

func (*AuthMetrics) FindAuthorizations

func (m *AuthMetrics) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Authorization, int, error)

func (*AuthMetrics) UpdateAuthorization

func (m *AuthMetrics) UpdateAuthorization(ctx context.Context, id platform.ID, upd *influxdb.AuthorizationUpdate) (*influxdb.Authorization, error)

type AuthedAuthorizationService

type AuthedAuthorizationService struct {
	// contains filtered or unexported fields
}

func (*AuthedAuthorizationService) CreateAuthorization

func (s *AuthedAuthorizationService) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error

func (*AuthedAuthorizationService) DeleteAuthorization

func (s *AuthedAuthorizationService) DeleteAuthorization(ctx context.Context, id platform.ID) error

func (*AuthedAuthorizationService) FindAuthorizationByID

func (s *AuthedAuthorizationService) FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)

func (*AuthedAuthorizationService) FindAuthorizationByToken

func (s *AuthedAuthorizationService) FindAuthorizationByToken(ctx context.Context, t string) (*influxdb.Authorization, error)

func (*AuthedAuthorizationService) FindAuthorizations

func (*AuthedAuthorizationService) UpdateAuthorization

type AuthorizationClientService

type AuthorizationClientService struct {
	// Client is the HTTP client through which this service reaches the Influx
	// server; the type is documented as connecting via HTTP using tokens.
	Client *httpc.Client
}

AuthorizationClientService connects to Influx via HTTP using tokens to manage authorizations

func (*AuthorizationClientService) CreateAuthorization

func (s *AuthorizationClientService) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error

CreateAuthorization creates a new authorization and sets a.ID with the new identifier.

func (*AuthorizationClientService) DeleteAuthorization

func (s *AuthorizationClientService) DeleteAuthorization(ctx context.Context, id platform.ID) error

DeleteAuthorization removes an authorization by ID.

func (*AuthorizationClientService) FindAuthorizationByID

func (s *AuthorizationClientService) FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)

FindAuthorizationByID finds a single Authorization by its ID against a remote influx server.

func (*AuthorizationClientService) FindAuthorizationByToken

func (s *AuthorizationClientService) FindAuthorizationByToken(ctx context.Context, token string) (*influxdb.Authorization, error)

FindAuthorizationByToken is not supported by the HTTP authorization service.

func (*AuthorizationClientService) FindAuthorizations

FindAuthorizations returns a list of authorizations that match filter and the total count of matching authorizations. Additional options provide pagination & sorting.

func (*AuthorizationClientService) UpdateAuthorization

UpdateAuthorization updates the status and description if available.

type AuthorizationHasher added in v2.8.0

type AuthorizationHasher struct {
	// contains filtered or unexported fields
}

func NewAuthorizationHasher added in v2.8.0

func NewAuthorizationHasher(opts ...AuthorizationHasherOption) (*AuthorizationHasher, error)

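NewAuthorizationHasher creates an AuthorizationHasher for influxdb2 algorithm hashed tokens. variantName specifies which token hashing variant to use, with blank indicating to use the default hashing variant. (The signature above takes options and has no variantName parameter, so this sentence appears to describe an earlier form of the function; the variant is presumably chosen with WithHasherVariant.) By default, all variants of the influxdb2 hashing scheme are supported for maximal compatibility.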

func (*AuthorizationHasher) AllHashes added in v2.8.0

func (h *AuthorizationHasher) AllHashes(token string) ([]string, error)

AllHashes generates a list of PHC-encoded hashes of token for all deterministic (i.e. non-salted) supported hashes. Deterministic here means that the same token always produces the same hash under a given variant.

func (*AuthorizationHasher) AllHashesCount added in v2.8.0

func (h *AuthorizationHasher) AllHashesCount() int

AllHashesCount returns the number of hash variants available through AllHashes.

func (*AuthorizationHasher) Decode added in v2.8.0

func (h *AuthorizationHasher) Decode(phc string) (algorithm.Digest, error)

Decode decodes a PHC-encoded hash into a Digest object that can be matched.

func (*AuthorizationHasher) Hash added in v2.8.0

func (h *AuthorizationHasher) Hash(token string) (string, error)

Hash generates a PHC-encoded hash of token using the selected hash algorithm variant.

func (*AuthorizationHasher) Match added in v2.8.0

func (h *AuthorizationHasher) Match(phc string, token string) (bool, error)

Match determines if a raw token matches a PHC-encoded token.

type AuthorizationHasherOption added in v2.8.0

type AuthorizationHasherOption func(o *authorizationHasherOptions)

func WithDecoderVariants added in v2.8.0

func WithDecoderVariants(variants []influxdb2_algo.Variant) AuthorizationHasherOption

func WithHasherVariant added in v2.8.0

func WithHasherVariant(variant influxdb2_algo.Variant) AuthorizationHasherOption

type Service

type Service struct {
	// contains filtered or unexported fields
}

func (*Service) CreateAuthorization

func (s *Service) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error

func (*Service) DeleteAuthorization

func (s *Service) DeleteAuthorization(ctx context.Context, id platform.ID) error

func (*Service) FindAuthorizationByID

func (s *Service) FindAuthorizationByID(ctx context.Context, id platform.ID) (*influxdb.Authorization, error)

func (*Service) FindAuthorizationByToken

func (s *Service) FindAuthorizationByToken(ctx context.Context, n string) (*influxdb.Authorization, error)

FindAuthorizationByToken returns the authorization that a particular token belongs to.

func (*Service) FindAuthorizations

func (s *Service) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Authorization, int, error)

FindAuthorizations retrieves all authorizations that match an arbitrary authorization filter. Filters using ID or Token should be efficient. Other filters will do a linear scan across all authorizations searching for a match.

func (*Service) UpdateAuthorization

func (s *Service) UpdateAuthorization(ctx context.Context, id platform.ID, upd *influxdb.AuthorizationUpdate) (*influxdb.Authorization, error)

UpdateAuthorization updates the status and description if available.

type Store

type Store struct {
	// NOTE(review): presumably the generator used to assign IDs to new
	// authorizations — confirm.
	IDGen platform.IDGenerator
	// contains filtered or unexported fields
}

func NewStore

func NewStore(ctx context.Context, kvStore kv.Store, useHashedTokens bool, opts ...StoreOption) (*Store, error)

NewStore creates a new authorization.Store object. kvStore is the underlying key-value store.

func (*Store) CreateAuthorization

func (s *Store) CreateAuthorization(ctx context.Context, tx kv.Tx, a *influxdb.Authorization) (retErr error)

CreateAuthorization takes an Authorization object and saves it in storage, using its token property as an index. The contents of a should be considered invalid if an error occurs.

func (*Store) DeleteAuthorization

func (s *Store) DeleteAuthorization(ctx context.Context, tx kv.Tx, id platform.ID) (retErr error)

DeleteAuthorization removes an authorization from storage

func (*Store) GetAuthorizationByID

func (s *Store) GetAuthorizationByID(ctx context.Context, tx kv.Tx, id platform.ID) (auth *influxdb.Authorization, retErr error)

GetAuthorizationByID gets an authorization by its ID from the auth bucket in kv.

func (*Store) GetAuthorizationByToken

func (s *Store) GetAuthorizationByToken(ctx context.Context, tx kv.Tx, token string) (auth *influxdb.Authorization, retErr error)

GetAuthorizationByToken searches for an authorization by its raw (unhashed) token value. It will also search for entries with equivalent hashed tokens if the raw token is not directly found.

func (*Store) ListAuthorizations

func (s *Store) ListAuthorizations(ctx context.Context, tx kv.Tx, f influxdb.AuthorizationFilter) (auths []*influxdb.Authorization, retErr error)

ListAuthorizations returns all the authorizations matching a set of FindOptions. This function is used for FindAuthorizationByID, FindAuthorizationByToken, and FindAuthorizations in the AuthorizationService implementation

func (*Store) Update

func (s *Store) Update(ctx context.Context, fn func(kv.Tx) error) error

Update opens up a transaction that will mutate data.

func (*Store) UpdateAuthorization

func (s *Store) UpdateAuthorization(ctx context.Context, tx kv.Tx, id platform.ID, a *influxdb.Authorization) (auth *influxdb.Authorization, retErr error)

UpdateAuthorization updates only the status and description of an authorization.

func (*Store) View

func (s *Store) View(ctx context.Context, fn func(kv.Tx) error) error

View opens up a transaction that will not write to any data. Implementing interfaces should take care to ensure that all view transactions do not mutate any data.

type StoreOption added in v2.8.0

type StoreOption func(*storePlusOptions)

func WithAuthorizationHashVariantName added in v2.8.0

func WithAuthorizationHashVariantName(name string) StoreOption

func WithAuthorizationHasher added in v2.8.0

func WithAuthorizationHasher(hasher *AuthorizationHasher) StoreOption

func WithIgnoreMissingHashIndex added in v2.8.0

func WithIgnoreMissingHashIndex(allowMissing bool) StoreOption

func WithLogger added in v2.8.0

func WithLogger(log *zap.Logger) StoreOption

func WithReadOnly added in v2.8.0

func WithReadOnly(readOnly bool) StoreOption

type TenantService

type TenantService interface {
	// Organization lookups, by ID or by filter.
	FindOrganizationByID(ctx context.Context, id platform.ID) (*influxdb.Organization, error)
	FindOrganization(ctx context.Context, filter influxdb.OrganizationFilter) (*influxdb.Organization, error)
	// User lookups, by ID or by filter.
	FindUserByID(ctx context.Context, id platform.ID) (*influxdb.User, error)
	FindUser(ctx context.Context, filter influxdb.UserFilter) (*influxdb.User, error)
	// Bucket lookup by ID; note that the type's description mentions only
	// the Organization and User lookups.
	FindBucketByID(ctx context.Context, id platform.ID) (*influxdb.Bucket, error)
}

TenantService is used to look up the Organization and User for an Authorization
